Needs a follow-up tag. Been keeping an eye on this story since it popped up years ago. EFF is right, we are have a goddamn right to have this case heard and find out what boundaries NSA must follow. I'm pretty sure the judge will side with the government as they usually do, but this case at least deserves to be fought out.

Because the telecoms are absolutely terrified of pissing off the government. (hint: they make a lot of money doing contracts for the government and the government regulates their businesses.) Who we should be going after is whomever at the NSA thought this was a good (legal) idea. Same, same for any government agency that did anything remotely similar without first getting a warrant and targeting specific phone lines or internet access for specific individuals.

If the technology does not allow such specification, they had better get to work doing so, because if we just allow them to tap everyone hoping they find something, we've completely given up the 4th Amendment without a fight.

NewportBarGuy:cman: Remember when Obama voted for immunity for telecoms?

Because the telecoms are absolutely terrified of pissing off the government. (hint: they make a lot of money doing contracts for the government and the government regulates their businesses.) Who we should be going after is whomever at the NSA thought this was a good (legal) idea. Same, same for any government agency that did anything remotely similar without first getting a warrant and targeting specific phone lines or internet access for specific individuals.

If the technology does not allow such specification, they had better get to work doing so, because if we just allow them to tap everyone hoping they find something, we've completely given up the 4th Amendment without a fight.

To further complicate the issue, we've been seeing an increasing number of court cases surrounding technology. In the majority of cases, the ruling tends to be in favor of either business or government but not the individual user.

I'm also extremely uncomfortable with those who don't rely on technology to evaluate cases regarding technology. I always picture my grandmother (who thinks the internet is a tool of the devil and predicted in the Bible ).

There have been a few exceptions. For example, the Courts ruling against illegal GPS tracking on cars (which made for great headlines ). Another case between the Oracle case against Google in which the judge was also a programmer and was able to interpret for the jury.

If you think they have or ever will have any boundaries or regs that they actually obey/respect, you are naive. If any court rules against them there will be someone who takes the fall, and then they will go right back to doing whatever they damn well please.

Majick Thise:If you think they have or ever will have any boundaries or regs that they actually obey/respect, you are naive. If any court rules against them there will be someone who takes the fall, and then they will go right back to doing whatever they damn well please.

Oh, no. I completely understand that. I just want to see them dragged before an actual court and made to sweat for all of 30 seconds. They have, can, and will do whatever the hell they want. I would much prefer a Church Commission for them. Now, that didn't totally stop the CIA from doing evil sh*t but it did make them think a little bit. That's all I can ask for. In the end, they'll do what they want, but they have to be reminded from time to time who they work for.

Bontesla:I'm also extremely uncomfortable with those who don't rely on technology to evaluate cases regarding technology. I always picture my grandmother (who thinks the internet is a tool of the devil and predicted in the Bible ).

Or people like Ted Stevens regulating the internet as a series of tubes. May he rest in pieces.

Sir Cumference the Flatulent:So it's a given that they're doing this. How do we combat it? Tor? PGP for email? I'm not breaking any laws, but what I do isn't their business.

Think for a minute about the shear volume of e-mail... There is no way they look at everything, they can't. They scan for key words what ever they my be, and probably only read stuff with at least two key words. You're right what you do is none of there business, but keep in mind, they have no time to bother with it.

PGP keeps message contents private. It doesn't stop traffic analysis. If you send the message "Niitaka yama nobore" and bombs start dropping, their computers will notice even though they don't speak Japanese or understand the code.

PGP keeps message contents private. It doesn't stop traffic analysis. If you send the message "Niitaka yama nobore" and bombs start dropping, their computers will notice even though they don't speak Japanese or understand the code.

NSA archives everything until the encryption can be broken.

Isn't this common knowledge? I swear I was reading about this in Wired circa 2002.

foo monkey:Isn't this common knowledge? I swear I was reading about this in Wired circa 2002.

Yeah, I think Fort Meade has something like 17 acres of super computers. They harvest everything and pick through all of it on a prioritized basis. That sh*t is unsat. and should probably be axed. The problem is that the govt. fears we'll b*tch and moan after the next attack when TMZ finds some email about the plot or something. Which, we will b*tch and moan. But, they do this "for our own protection" argument has to be challenged in a real court with a real judge who, most likely will find in favor of the govt, gets to hear both sides and just how far down the rabbit hole we've gone.

Though, they've been doing this since before 9/11. This is cold war stuff they just repurposed for The Global War On Terror. They keep in place a cold-war system to track down every and all threat even with the knowledge that they can't capture everyone and another attack is inevitable. They are just playing the odds. As soon as we kill the human emotions of hate and revenge, then we'll all be safe. Until then, they will continue to monitor us all under the guise that the blanket of freedom they shield us with is worth the price of your perceived individual liberty.

Subby might be the only person around who's never heard of this before.

RexTalionis:If you're concerned, then you should've been encrypting your emails.

The NSA probably has a huge database of cracked 1024-bit private keys, and larger ones that were subject to various flaws over the years, and I wouldn't be surprised if some of the major US SSL cert companies have been compelled to hand over their private keys. All they have to do is archive everything until they crack the cert, then they can go back and read everything.

foxyshadis:Subby might be the only person around who's never heard of this before.

RexTalionis: If you're concerned, then you should've been encrypting your emails.

The NSA probably has a huge database of cracked 1024-bit private keys, and larger ones that were subject to various flaws over the years, and I wouldn't be surprised if some of the major US SSL cert companies have been compelled to hand over their private keys. All they have to do is archive everything until they crack the cert, then they can go back and read everything.

This has been done for a decade, it's kinda late to worry about it now. Especially since the NSA is almost done it's mega facility in Utah, where they intend to intercept the entire internet, as insane as that sounds.

badhatharry:foxyshadis: Subby might be the only person around who's never heard of this before.

RexTalionis: If you're concerned, then you should've been encrypting your emails.

The NSA probably has a huge database of cracked 1024-bit private keys, and larger ones that were subject to various flaws over the years, and I wouldn't be surprised if some of the major US SSL cert companies have been compelled to hand over their private keys. All they have to do is archive everything until they crack the cert, then they can go back and read everything.

Just write letters in code like prisoners.

Using grid ciphers and single replacement codes to hide from an agency whose purpose it is to crack codes 1000x more complex. Brilliant concept.

Somaticasual:badhatharry: foxyshadis: Subby might be the only person around who's never heard of this before.

RexTalionis: If you're concerned, then you should've been encrypting your emails.

The NSA probably has a huge database of cracked 1024-bit private keys, and larger ones that were subject to various flaws over the years, and I wouldn't be surprised if some of the major US SSL cert companies have been compelled to hand over their private keys. All they have to do is archive everything until they crack the cert, then they can go back and read everything.

Just write letters in code like prisoners.

Using grid ciphers and single replacement codes to hide from an agency whose purpose it is to crack codes 1000x more complex. Brilliant concept.

Go simple stupid. Fly under the radar by the time see it...bOom, to late.

An ex-college gf went to work for the NSA as an intern. Many years ago.Just the brief description she was allowed to give me of what she was working on and in production was at the time 10 years ahead of the same thing I was working on when I left grad school three years later.

I still wonder how she got her clearance when the FBI showed up at my dorm room on a saturday night to check me out as a reference. at least they had a sense of humor when they broke up the party.

NewportBarGuy:foo monkey: Isn't this common knowledge? I swear I was reading about this in Wired circa 2002.

Yeah, I think Fort Meade has something like 17 acres of super computers. They harvest everything and pick through all of it on a prioritized basis. That sh*t is unsat. and should probably be axed. The problem is that the govt. fears we'll b*tch and moan after the next attack when TMZ finds some email about the plot or something. Which, we will b*tch and moan. But, they do this "for our own protection" argument has to be challenged in a real court with a real judge who, most likely will find in favor of the govt, gets to hear both sides and just how far down the rabbit hole we've gone.

Though, they've been doing this since before 9/11. This is cold war stuff they just repurposed for The Global War On Terror. They keep in place a cold-war system to track down every and all threat even with the knowledge that they can't capture everyone and another attack is inevitable. They are just playing the odds. As soon as we kill the human emotions of hate and revenge, then we'll all be safe. Until then, they will continue to monitor us all under the guise that the blanket of freedom they shield us with is worth the price of your perceived individual liberty.

If you think they have or ever will have any boundaries or regs that they actually obey/respect, you are naive. If any court rules against them there will be someone who takes the fall, and then they will go right back to doing whatever they damn well please.

You said "if any court rules against them". If the Executive branch declares a national security interest, the courts lose jurisdiction -- the case just gets squashed, pretty much regardless of what any court thinks.

Somaticasual:badhatharry: foxyshadis: Subby might be the only person around who's never heard of this before.

RexTalionis: If you're concerned, then you should've been encrypting your emails.

The NSA probably has a huge database of cracked 1024-bit private keys, and larger ones that were subject to various flaws over the years, and I wouldn't be surprised if some of the major US SSL cert companies have been compelled to hand over their private keys. All they have to do is archive everything until they crack the cert, then they can go back and read everything.

Just write letters in code like prisoners.

Using grid ciphers and single replacement codes to hide from an agency whose purpose it is to crack codes 1000x more complex. Brilliant concept.

Or, you know, simple bitwise XOR with a shared, data-sized, collection of random bits (or bits only known to the legitimate message participants)... Properly executed book based encryption, even stone age implementations, can't be beaten without the shared codebook. Period. Not even quantum trickery can crack it. If you brute force book based encryption, you'll get the right message eventually, but it will be indistinguishable from every other possible message of the same length for that particular encoding. You get the right answer as well as ALL the wrong ones, and you have no indication of which is which. Even a partial break (by getting a piece of codebook) does nothing to help you crack anything outside of the piece you have. It's literally perfect, in the way that only math can be.

In other words, math says that there is simple unbreakable encryption available to everyone. I'm not sure why the idea offended you in the first place, but there it is.

Think about this before you start freaking out that your email is being read or phone calls are being tapped. How many people are there in the U.S.? (roughly 300 million) How many have email accounts (some people have quite a few) (Butt Ton)? How many people have cell/smart phones? How many phone calls/emails does the average user send/receive a day? Even if NSA has the capability to collect everything, they have to store the data (which I'm sure they don't have enough room to store everything in the computers) and someone has to go through the information to see what's important and what's not. Even if they have some sort of logarithm some has to read the stuff at some point. Use a little bit of logic.

How many people does NSA employ? (a few thousand, maybe) How many are actually trained at going through the stuff? (10,20,30%?) I'm sure not everyone is going through all of that information, someone has to take vacations and spend tax dollars on junkets like the good 'ole GSA folks. Do the math, there is no way in HELL NSA can't see what every person in the U.S. is up to. They probably have some way of prioritizing but come on, if you think you're being monitored you better get your meds straightened out because the next thing the CIA and the old KGB are stalking you also.

One more question, who do you think NSA/government is more worried about? All the citizens within the U.S. or maybe China, Russia, Iran, North Korea and the middle east in general. Again, how much info can they actually store and who is going through all of that crap? So, if you think you're thinking NSA is watching you, maybe you're doing something bad or you're prescription has run out. But let the conspiracy begin

When you make assumptions, you make yourself look like an ass. Gary Johnson is who I am voting for. And, in case if you were wondering, Obama was not born in Kenya (he is an American citizen who meets the qualifications for becoming President), I am for gay marriage, repealing the Patriot act, halting the war on drugs, focusing illegal immigration enforcement only on gangs.

But, go on, keep on grouping me like an idiot because you do not care to actually read what I post. I understand you: if one does not approve of Obama, then they must be a Republican and/or a racist bigot.

RexTalionis:If you're concerned, then you should've been encrypting your emails.

Encrypting is the best way to get your email inspected, as someone upthread pointed out the sheer volume of comm means that they can only scrutinize a few, so they concentrate on keywords and everything out of the ordinary like said encryption and any that show signs of code speak.

/I run a small guitar shop as a hobby and import wood and parts from everywhere, including China, Thailand, and Vietnam, so I always assume my email as well as regular mail is examined, most of my imports from China come via China post through Shenzhen, and so far every one has been opened before I received it, not so with imports from other countries so far.

sno man:You're right what you do is none of there business, but keep in mind, they have no time to bother with it.

They don't have to read it in real time. If they simply capture the data it becomes available for historical searches -- if you pique their interest they can go back and read all your communications, or if they come up with some new search filter they can apply it retroactively to identify you.

If all they did was real-time monitoring it wouldn't be as scary -- still bad, but more limited in scope as you suggest. But that's not the only option with this kind of monitoring.

Somaticasual:badhatharry: foxyshadis: Subby might be the only person around who's never heard of this before.

RexTalionis: If you're concerned, then you should've been encrypting your emails.

The NSA probably has a huge database of cracked 1024-bit private keys, and larger ones that were subject to various flaws over the years, and I wouldn't be surprised if some of the major US SSL cert companies have been compelled to hand over their private keys. All they have to do is archive everything until they crack the cert, then they can go back and read everything.

Just write letters in code like prisoners.

Using grid ciphers and single replacement codes to hide from an agency whose purpose it is to crack codes 1000x more complex. Brilliant concept.

I wasn't being serious. My point was that we shouldn't have to write our letters in code like prisoners.

foxyshadis:The NSA probably has a huge database of cracked 1024-bit private keys, and larger ones that were subject to various flaws over the years, and I wouldn't be surprised if some of the major US SSL cert companies have been compelled to hand over their private keys. All they have to do is archive everything until they crack the cert, then they can go back and read everything.

Yeah... pretty much this.I was talking with a friend of mine who worked in IT for a few major companies. We were discussing the idea of the government spying on Americans, and I thought I had a decent (far from foolproof, obviously) game plan to make it difficult for people to spy on me. Firefox extensions like "track me not" and all the rest, as well as a few other little things to basically create a lot of background noise that would make it more difficult.

I don't remember exactly all the stuff he said, but by the end of the conversation, it was pretty clear that everything I'm doing amounts to a hill of beans if they had me in their "persons of interest" list. Hell, even my porn searches aren't safe.

Long story short, if you want to keep a message private, meet the recipient in person, give them a letter with coded language only the two of you know, or just don't bother in the first place.

First, more email is encrypted than you might think. The vast majority of SMTP systems now support TLS for both server and client operations, so if there are certificates installed at the server it's not uncommon for email to be encrypted in transit, even if the message itself is not. It's common enough that encryption gateways for email (those systems that send you the "click here to decrypt this secure message from your insurance company" sort of emails) have support to bypass that HTTPS-based encryption system if the remote mail host supports TLS.

And more specifically "inspected" is unlikely for any definition of "inspected" that means more than "flagged and archived", at least if you're using decent encryption. Even if you assume that the NSA decryption techniques are a decade ahead of academic research, and that they have huge computing resources to throw at the task, the capacity of their decryption capabilities would still be very low compared to the volume of encrypted communications on the Internet.